Re-evaluating the WPA2 Security Protocol

Network Security (WPA-PSK): Just How Safe is Your Information over Wi-Fi?

Statement of Problem

How resistant is the Wi-Fi Protected Access 2, Pre-shared Key (WPA2-PSK) security mechanism against common network attacks?

Introduction

WPA2-PSK is currently the most advanced network security protocol available to encrypt and prevent unauthorized access to information on a small to moderate network. WPA2-PSK uses a hierarchy of encryption keys derived from a network passphrase, together with a series of authentication steps, to secure information. Its encryption is based on the Advanced Encryption Standard (AES), which is extremely strong. However, certain minute flaws in the authentication sequence may allow the network to be compromised. In this experiment, a series of attacks target the flaws within WPA2-PSK's authentication sequence, and the amount of supposedly encrypted information gained is recorded. My hypothesis is that WPA2-PSK will be effective against traffic snooping, MAC spoofing, and Evil Twin access points, but may be ineffective against a client de-authentication attack. The independent variable is the type of network attack; the dependent variable is the amount of information gained.

Materials and Methods

A server, a client, and an attacking machine were used to perform this experiment. Software such as PineAP, Wireshark, Airbase, Aircrack-ng, Pyrit, and the command line was also used to launch the attacks. Several dictionaries containing passphrases were used to crack the network passphrase.

Procedure for each attack:

Snooping:
1) Run Wireshark to collect network packets.

MAC Spoofing:
1) Change the MAC address on the attacking machine.
2) Collect network packets with Wireshark.

De-Authentication:
1) Create a data file to capture the handshake.
2) De-authenticate the client; the handshake is captured.
3) Import the dictionary file into the system.
4) Use Pyrit to crack the passphrase from the 4-way handshake.

Rogue Access Point (offline attack):
1) Create a rogue access point.
2) Create a file to capture the handshake.
3) Repeat steps 3 and 4 of De-Authentication.

Results

De-authentication attacks yielded a 100% success rate in obtaining the network passphrase. The rogue access point yielded an 80% success rate in obtaining the network passphrase. MAC spoofing did not yield any information. Snooping yielded client information that was not previously known 100% of the time.

Figure 2: Snooping Attack Results: Client Information shown
Figure 3: De-Authentication Results: Passphrase shown
Figure 4: Average Time for Each Attack
Figure 5: Success Rate of Obtaining Network Passphrase

Discussion

Although WPA2-PSK has been considered the most secure mechanism available for protecting information on networks for nearly a decade, my data shows that this is no longer the case. At the conclusion of this study, it can be reasonably determined that WPA2-PSK is no longer safe for protecting sensitive information on a network. Through a series of experimental attacks, both the passphrase and client information that can lead to another, more direct attack were obtained in a majority of the trials. Simply put, a security mechanism cannot be considered secure if certain attacks are able to bypass it on a majority of trials. The rogue access point has not been widely studied for penetration of WPA2 networks. However, my experiment resulted in an 80% success rate, which suggests that the rogue access point attack is also effective in defeating the WPA2 security protocol.

Future Implications

It has been widely accepted in the IT community that once a network passphrase is obtained, several additional pieces of information can also be exploited. The network passphrase can be imported into a network traffic analyzer to decrypt the encrypted client-to-station information exchange. It would be of interest to see what information can be obtained using this method. Due to the nature of the attack, no real solutions are obvious. The best way to prevent such an attack is to create a secure passphrase and enable MAC filtering, as these will make the network a less viable target. However, I believe that in the long term a network manager can be created to detect de-authentication frames and alter network settings to prevent information from being exploited. The handshake can also be altered so that crucial information is not released to the attacker. I plan to study these mechanisms and test the effectiveness of my proposed solutions in the future.

Figure 1: Key Hierarchy for WPA2-PSK Encryption (Unicast Traffic)

Pre-shared Key (which includes the network passphrase, SSID, n iterations, and key length)
  -> Pairwise Master Key (256 bits): derived in Phase 1 from the Pre-shared Key.
  -> Pairwise Transient Key (384 bits): the Pairwise Master Key combined with randomly generated values produces this set of keys, which is split into:
     - EAPOL MIC key (128 bits): preserves integrity during the initial handshake.
     - EAPOL Encr key (128 bits): prevents unauthorized modification of user data.
     - Data Encr/MIC key (128 bits): encrypts user data.

Figure 6: Diagram of WPA2 Authentication Phase, between the Station (STA) and the Access Point (AP)

Phase 1:
  STA -> AP: Probe Request                  AP -> STA: Probe Response
  STA -> AP: Open Authentication Request    AP -> STA: Open Authentication Response
  STA -> AP: Association Request            AP -> STA: Association Response
Phase 2 (4-way handshake):
  Message 1, AP -> STA: EAPOL-Key(ANonce)
  Message 2, STA -> AP: EAPOL-Key(SNonce, MIC)
  Message 3, AP -> STA: EAPOL-Key(ANonce, MIC)
  Message 4, STA -> AP: EAPOL-Key(Ready, MIC)
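The key hierarchy of Figure 1 (Pre-shared Key -> Pairwise Master Key -> Pairwise Transient Key, split into the EAPOL MIC key, EAPOL Encr key and Data Encr/MIC key) written out as runnable code. This is an added example, not code from the poster or from any of the tools it names; it follows the IEEE 802.11i derivation (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, then the 802.11i PRF with the label "Pairwise key expansion"). The passphrase, SSID, MAC addresses and nonces in `demo()` are constructed sample values. The point for a network owner is visible in `derive_pmk`: the per-passphrase cost is fixed by the standard, so passphrase strength is the only part of this chain that the person configuring the network controls.

```python
import hashlib
import hmac

# Standard WPA2-PSK key derivation (IEEE 802.11i), written out as an added,
# stand-alone illustration of the Figure 1 hierarchy. Addresses and nonces
# used in demo() are constructed sample values, not from any real handshake.

PBKDF2_ITERATIONS = 4096   # fixed by the standard: 4096 HMAC-SHA1 rounds
PMK_LEN = 32               # 256-bit Pairwise Master Key


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    The SSID is the salt, so the same passphrase on two networks with
    different SSIDs yields two different PMKs. The work per candidate
    passphrase is constant, which is why passphrase entropy is the only lever
    the network owner has against dictionary cracking of a captured handshake.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), PBKDF2_ITERATIONS, PMK_LEN)


def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    counter = 0
    while len(out) < out_len:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]),
                        hashlib.sha1).digest()
        counter += 1
    return out[:out_len]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Expand the 256-bit PMK into the 384-bit PTK and split it as in Figure 1.

    aa/spa are the AP and station MAC addresses; anonce/snonce are the random
    values carried in handshake messages 1 and 2. Inputs are ordered
    min||max so that both sides compute the same PTK.
    """
    data = (min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {
        "kck": ptk[0:16],   # EAPOL MIC key: integrity of the 4-way handshake
        "kek": ptk[16:32],  # EAPOL Encr key
        "tk":  ptk[32:48],  # Data Encr/MIC key: protects unicast data frames
    }


def demo() -> dict:
    """Derive the whole hierarchy for constructed sample inputs."""
    pmk = derive_pmk("correct horse battery staple", "ExampleNet")  # constructed
    aa = bytes.fromhex("020000000001")       # constructed AP address
    spa = bytes.fromhex("020000000002")      # constructed station address
    anonce = bytes(range(32))                # constructed, NOT random: demo only
    snonce = bytes(range(32, 64))            # constructed, NOT random: demo only
    keys = derive_ptk(pmk, aa, spa, anonce, snonce)
    return {"pmk": pmk.hex(), **{name: k.hex() for name, k in keys.items()}}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The PMK test in the accompanying check uses the published 802.11i vector (passphrase "password", SSID "IEEE"); the PTK values depend on the constructed addresses and nonces and are only checked for length and for being the same whichever side computes them.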
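The Future Implications section proposes a network manager that detects de-authentication frames. The following is an added example of the detection half of that idea, written for this page and not taken from the poster or from any tool it names. It runs over a constructed list of management-frame records (timestamp, subtype, source, destination, reason code), which stand in for what a monitor-mode capture or a Wireshark export would provide, and raises an alert when one source sends a burst of deauthentication frames inside a short window, or when a deauthentication is addressed to the broadcast address. The window size and threshold are assumptions chosen for the sample data.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:00:00:01"      # constructed BSSID
CLIENT = "02:00:00:00:00:02"  # constructed station address

# Constructed 802.11 management-frame records, not a real capture:
# (timestamp in seconds, frame subtype, source, destination, reason code)
SAMPLE_FRAMES = (
    [(0.0, "beacon", AP, BROADCAST, None),
     (1.0, "deauth", AP, CLIENT, 7)]                  # one isolated deauth
    + [(round(5.0 + 0.01 * i, 2), "deauth", AP, CLIENT, 7)
       for i in range(8)]                             # burst: 8 frames in 70 ms
    + [(9.0, "deauth", AP, BROADCAST, 2)]             # deauth aimed at every client
)


def analyze(frames, window_s=1.0, threshold=5):
    """Return alerts for deauth floods and broadcast deauths.

    A flood alert fires once when `threshold` deauth frames from one source
    fall inside a sliding window of `window_s` seconds; it fires again only
    after the window drains and refills. An isolated deauth (a normal part of
    clients leaving) produces nothing. Frames are processed in time order.
    """
    alerts = []
    recent = defaultdict(deque)  # source -> timestamps of its recent deauths
    for ts, subtype, src, dst, reason in sorted(frames, key=lambda f: f[0]):
        if subtype != "deauth":
            continue
        if dst == BROADCAST:
            alerts.append({"time": ts, "kind": "broadcast-deauth",
                           "source": src, "reason": reason})
        window = recent[src]
        window.append(ts)
        while window and ts - window[0] > window_s:
            window.popleft()
        if len(window) == threshold:
            alerts.append({"time": ts, "kind": "deauth-flood",
                           "source": src, "count": threshold})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_FRAMES):
        print(alert)
```

On the sample data the isolated deauth at t=1.0 is ignored, the burst trips the flood rule at its fifth frame, and the broadcast deauth at t=9.0 is reported separately. In a real deployment the source address of a spoofed deauth is the access point's own BSSID, so the detector cannot tell forged frames from real ones by address alone; rate and destination are the signals it has. Where both the access point and the clients support 802.11w Protected Management Frames, deauthentication frames are authenticated and spoofed ones are discarded, which removes the need for the "alter network settings" reaction the poster proposes; detection of this kind remains useful on networks that cannot enable it.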

